Help setting up Palo Alto Firewall to log to Splunk securely (SSL / TLS)

adtalmeda
New Member

I'm new to both PAN and Splunk. I already have the free Splunk trial and I'm already getting logs from a Linux server using UDP 514 and a Windows Server through Remote Event Log Setup using a domain account.

My question is, how do I set up Splunk and the Palo Alto Networks Firewall so that I get the firewall logs through a secure connection like SSL or TCP? I can't find any guide on the internet to do this. Thank you.

0 Karma

mgabriel111
New Member

2 years later, and I'm trying to do this also. Documentation is very sparse on this subject. If anyone could explain the steps to effectively send syslogs over SSL from a PA firewall to Splunk successfully I would be eternally grateful!
Thanks

0 Karma

chutvu
Observer

I have been trying to fix this problem for a week now for TLS 1.2 but nothing. Is there anybody out there who has successfully sent syslog from Palo Alto to Splunk with SSL/TLS?

0 Karma

slashnburn
Path Finder

You can set up a secure connection using the Splunk default certificates, self-signed certificates, or certificates signed by a third party. You could probably get by using the default certificates, but I would recommend following the process to self-sign the certificates.

A good place to start is http://docs.splunk.com/Documentation/Splunk/6.2.2/Security/AboutsecuringyourSplunkconfigurationwithS...

0 Karma

adtalmeda
New Member

I meant SSL or TLS. Thank you.

0 Karma